cleantalk
Vulnerabilities and Security Researches

Motors – Car Dealer, Classifieds & Listing, CVE-2026-7859

CVE, Research URL

CVE-2026-7859

Home page URL

Security reports for Motors – Car Dealer, Classifieds & Listing

Application

Motors – Car Dealer, Classifieds & Listing

Published on
Jun 22, 2026
Research Description
The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify arbitrary post metadata, such as the gallery, featured image and, on WooCommerce sites, product prices.
Affected versions
max 1.4.110.
Status
vulnerable
Previous vulnerability researches
Vitepos – Point of sale (POS) plugin for WooCommerce (CVE-2024-33574) , Jun 06, 2024
Vitepos – Point of sale (POS) plugin for WooCommerce (CVE-2025-39535) , Apr 19, 2025
Vitepos – Point of sale (POS) plugin for WooCommerce (CVE-2025-26750) , Feb 21, 2025
Vitepos – Point of sale (POS) plugin for WooCommerce (CVE-2025-22277) , Apr 03, 2025
Vitepos – Point of sale (POS) plugin for WooCommerce (CVE-2026-8157) , Jun 24, 2026
New vulnerability
Interactive Content – H5P (CVE-2026-56006) , Jun 24, 2026
Transbank Webpay REST (CVE-2026-6858) , Jun 24, 2026
ProfileGrid – User Profiles, Memberships, Groups and Communities (CVE-2026-4610) , Jun 24, 2026
Paymob for WooCommerce (CVE-2026-56025) , Jun 24, 2026
Motors – Car Dealer, Classifieds & Listing (CVE-2026-7859) , Jun 24, 2026